public Task ChallengeAsync(ChallengeContext context) { bool handled = false; if (ShouldHandleScheme(context.AuthenticationScheme)) { switch (context.Behavior) { case ChallengeBehavior.Automatic: // If there is a principal already, invoke the forbidden code path if (User == null) { goto case ChallengeBehavior.Unauthorized; } else { goto case ChallengeBehavior.Forbidden; } case ChallengeBehavior.Unauthorized: HttpContext.Response.StatusCode = 401; // We would normally set the www-authenticate header here, but IIS does that for us. break; case ChallengeBehavior.Forbidden: HttpContext.Response.StatusCode = 403; handled = true; // No other handlers need to consider this challenge. break; } context.Accept(); } if (!handled && PriorHandler != null) { return PriorHandler.ChallengeAsync(context); } return Task.FromResult(0); }
public virtual void Challenge(ChallengeContext context) { if (ShouldHandleScheme(context.AuthenticationScheme)) { ChallengeContext = context; context.Accept(); } if (PriorHandler != null) { PriorHandler.Challenge(context); } }
public async Task ChallengeAsync(ChallengeContext context) { bool handled = false; ChallengeCalled = true; if (ShouldHandleScheme(context.AuthenticationScheme)) { switch (context.Behavior) { case ChallengeBehavior.Automatic: // If there is a principal already, invoke the forbidden code path var ticket = await HandleAuthenticateOnceAsync(); if (ticket?.Principal != null) { handled = await HandleForbiddenAsync(context); } else { handled = await HandleUnauthorizedAsync(context); } break; case ChallengeBehavior.Unauthorized: handled = await HandleUnauthorizedAsync(context); break; case ChallengeBehavior.Forbidden: handled = await HandleForbiddenAsync(context); break; } context.Accept(); } if (!handled && PriorHandler != null) { await PriorHandler.ChallengeAsync(context); } }